.png)
Billing System Architecture vs. Entitlements Explained
Billing system architecture manages invoices and payments. Entitlements control product access and limits. See how both layers fit into a modern software stack.
Explore types of consumption-based pricing models and how systems track usage, apply pricing, and enforce limits in production.
.png)
Somewhere in your stack, there’s a credit check that runs after the request completes instead of before it.
It works fine at low volume, holds up through testing, and fails the first time two agent sessions hit the same balance simultaneously, and both go through because neither read the post-deduction state before committing.
This guide covers what consumption-based pricing actually requires in production and where systems like that quietly break down.
Consumption-based pricing is a model where customers are charged based on how much of a product they use, measured through units such as API calls, tokens, data transfer, or compute time.
For engineering teams, this introduces two core requirements:
Both requirements push responsibility into the runtime system, where usage, limits, and state need to stay aligned as they change.
Consumption-based pricing works by capturing product usage, converting it into billable units, and applying pricing rules to calculate charges.
This happens through a pipeline with three stages:
The same pipeline feeds both billing and enforcement, but they rely on it in very different ways. Billing uses aggregated totals over time, while enforcement depends on the current state during each request.
This split introduces a system constraint. One side tolerates delay, the other depends on immediate, consistent reads.
The main types of consumption-based pricing models are pay-as-you-go, tiered, volume-based, prepaid credits, overage, and hybrid models.
Each one changes how usage is priced and how the system needs to enforce it in real time:
Hybrid models become the default because they balance predictability with flexibility. A subscription sets the baseline, while usage-based components handle spikes and variability.
That balance introduces more complexity in the enforcement layer, where plan terms and live usage need to be evaluated together on every request.
Consumption-based pricing meters units such as API calls, data storage, compute time, AI tokens, and agent actions, depending on how the product is consumed.
Most products start here. Every request generates an event that gets counted per customer over time. It’s simple to implement, but volume adds up quickly, so the enforcement layer needs to handle concurrent updates without breaking shared counters.
This pushes the system toward high-throughput ingestion and atomic counters at scale.
Storage behaves differently because usage changes over time instead of per event. Systems usually rely on snapshots at intervals, which makes consistency tricky when data is deleted mid-period or when timing drifts from billing expectations.
The pipeline needs to handle time-based aggregation and reconcile state across intervals.
Anything tied to runtime needs start and end tracking. Jobs can fail, pause, or retry, so the system needs a clear way to handle partial runs, or the usage record ends up incomplete. This introduces session tracking and state reconciliation as part of the pipeline.
Token usage depends on the model and the request itself. Input, output, and model behavior all affect the count, so the only reliable source is the model response. Estimating from the request tends to drift as models evolve. The system needs tight integration with model outputs and flexible metering logic that adapts over time.
User actions often trigger a chain of internal steps. Each step can consume tokens, compute, or storage, which means the system needs to trace the full execution path back to the original user action to keep attribution accurate. This requires distributed tracing and multi-step attribution across the pipeline.
The unit you choose will shape how your system evolves. If you change it later, you will need to migrate historical usage, update pricing logic, and maintain consistency for customers already on existing plans.
Consumption-based pricing is harder in AI products because cost, usage patterns, and control requirements all change at once.
These differences show up quickly in production, where a single request or workflow can consume far more than expected, especially with reasoning models or multi-step agents. Without real-time enforcement, usage can spike before limits are applied, leading to large and unexpected costs.
Enterprise requirements make this harder. Teams need to allocate budgets, control usage by workflow, and stay ahead of limits, which shifts the problem from billing to real-time control.
Consumption-based pricing requires usage governance because tracking usage alone does not control how that usage grows in real time.
As usage increases, especially in AI products, the system needs to do more than measure consumption. It needs to control it. Without that layer, usage can exceed limits before anyone has visibility into what is happening.
In practice, governance introduces a set of controls that sit in the request path:
For AI products with enterprise customers, governance has to operate across multiple levels simultaneously. A single organization may need per-agent caps, per-team allocations, and department-level spend limits all enforcing independently, and a flat per-customer balance was never built to support that.
This is where the model shifts from billing to control: billing records what was consumed, governance decides what can be consumed next, and in AI systems that decision has to happen before the request runs.
Consumption-based systems break in production when usage, state, and enforcement fall out of sync under real load. At small scale, a simple setup works. As concurrency increases and plans evolve, gaps appear fast.
The auditability failure surfaces last and costs the most to fix. When balances update directly instead of recording events, there is no transaction history to reconcile against and no way to trace a credit deduction back to the request that caused it. A mutable balance column tells you where things ended up. A ledger tells you everything that happened to get there, which is what dispute resolution and revenue recognition both depend on.
Most of what looks like a billing problem at this stage is a system design problem where metering, enforcement, and state were never built to stay in sync.
Billing and enforcement are not the same system, and treating them as one is where most consumption-based architectures break down.
Billing aggregates what was consumed and generates invoices. It can process yesterday's usage events this morning and still do its job correctly.
Enforcement has no such tolerance. It runs in the request path, checks current usage against plan limits, and makes a decision before the action proceeds. A read on stale state means the request goes through when it shouldn't.
Usage-based billing tools are precise, finance-grade, and good at what they do, but they were built to record consumption and generate invoices, not enforce limits inside the product at request time.
The layer that decides what's allowed before the next request runs belongs upstream of billing in the stack. Stripe handles payments, Stigg handles what's allowed.
The control layer sits between the product and billing systems, evaluating entitlements and usage state before each request proceeds. Without it, billing calculates charges correctly but the product has no mechanism to stop usage as it happens.
This layer is responsible for:
Each component is independently deployable. If you already have metering in place, you can add entitlement enforcement without replacing it. If credits are the immediate problem, that's a single integration point.
A dedicated runtime handles all of this without pushing the complexity into application code. The Sidecar runs in the customer's cloud as a Docker container with a local Redis cache for entitlement data, so most checks resolve immediately from local state rather than making a network call on every request.
When the cache misses, it fetches from Stigg's Edge API at around 100ms, with a configurable timeout so upstream latency never cascades into the application.
For teams with data residency requirements, the Sidecar deploys inside your own VPC:
AI products generate millions of entitlement checks per day across concurrent sessions, agent workflows, and org hierarchies. The enforcement layer handles this through:
If the upstream service loses availability, the local cache keeps enforcement running without interrupting requests or opening access.
Webflow has used this setup for years to roll out pricing changes, localization, and credits without routing every change through engineering.
Consumption-based pricing models show how different products meter usage and enforce limits based on what customers actually consume.
Across these examples, the pattern is consistent. The pricing model depends on accurate metering and real-time enforcement so the system can apply the correct rules as usage happens.
Most consumption-based pricing implementations get metering right and treat enforcement as an afterthought.
The usage data is accurate, and the billing system reconciles cleanly. But the moment concurrent sessions draw down a shared balance, the gap between recording usage and controlling it shows up as overages and disputes.
Stigg is the usage runtime that closes that gap. It resolves entitlements, credits, and spend governance in the request path before compute runs. If you are building this layer:
If entitlements are eating sprint capacity, see how Stigg structures the enforcement layer to fit into a multi-tenant stack without replacing the billing infrastructure you already have.
Companies track usage by capturing product events such as API calls, tokens, or compute time and converting them into billable units. This data moves through a metering pipeline that feeds both billing aggregation and real-time enforcement, and every event needs a unique identifier so duplicate processing doesn't inflate usage counts.
When usage exceeds the limit, the system either blocks further usage or allows it and records overage based on plan configuration. That decision has to be enforced during the request against current balance state, not derived from aggregated totals after the billing cycle closes.
Consumption-based systems fail under load when usage, limits, and state become inconsistent across concurrent requests. The most common cause is enforcement running after the request rather than before, which leaves a window where limits are applied too late to prevent overconsumption.
Teams control spending by setting limits, allocating budgets by team or agent, and enforcing those controls synchronously in the request path. An alert that fires after a threshold is crossed is useful for visibility. Enforcement that runs before the request is what actually stops the spend.
Yes. Usage needs to be checked before each request proceeds, not reconciled afterward. A system that meters accurately but enforces after the fact will record every event correctly while still allowing overconsumption, which is the failure mode that produces unexpected overages and billing disputes.